DevSecOps

About this course

This course integrates security practices into the DevOps pipeline, emphasizing continuous security and collaboration among development, security, and operations teams. Explore strategies for automating security testing, vulnerability assessment, and compliance checks throughout the software development lifecycle (SDLC). Learn to implement security controls using tools like Docker, Kubernetes, and Jenkins to ensure secure containerization and deployment. Gain insights into threat modeling, secure coding practices, and incident response, equipping you to address security challenges proactively. Ideal for DevOps engineers, security professionals, and developers aiming to enhance the security posture of applications while maintaining agility and efficiency in delivery pipelines.

Course Outline

Module 1: Introduction to DevSecOps

Task: Introduction to DevSecOps:
  • Definition of DevSecOps
  • How it differs from DevOps
  • Real-world examples of security failures
  • DevSecOps principles and benefits
Outcomes:
  • Clear understanding of what DevSecOps is and why it’s important

Module 2: SDLC, Threats & Attack Vectors

Task: Threat Modeling Basics:
  • Overview of SDLC stages
  • Introduction to security touchpoints in SDLC
  • Understanding common attack vectors
  • Basic introduction to the STRIDE threat model
Outcomes:
  • Ability to identify threats across SDLC stages

Module 3: OWASP Top 10 – Part 1

Task: OWASP Top 10 (Part 1):
  • Cover top 5: Injection, Broken Authentication, Sensitive Data Exposure, XML External Entities (XXE), Broken Access Control — with examples
Outcomes:
  • Familiarity with most critical web application risks

Module 4: Secure Code Practices

Task: Secure Coding Guidelines:
  • Understanding secure coding principles: input validation, encoding, error handling, password management, basic intro to SAST
Outcomes:
  • Knowledge of how to write more secure code

Module 5: Static Code Scanning (SonarQube)

Topic: Run SonarQube Scan:
  • Install SonarQube using Docker
  • Scan a JavaScript or Java project
  • Review the reported bugs, vulnerabilities, and code smells
Outcomes:
  • Able to analyze code using SonarQube
Tools:
  • SonarQube
  • Docker

Module 6: Introduction to CodeQL

Topic: Run CodeQL:
  • Install CodeQL CLI
  • Use GitHub CodeQL repo
  • Run analysis
  • View and understand query results
  • Explore query customization
Outcomes:
  • Understand how to use CodeQL for deep code analysis
Tools:
  • CodeQL

Module 7: CI/CD Pipeline Overview

Topic: CI/CD Basics:
  • Understand CI/CD stages
  • Tools overview (GitHub Actions, GitLab)
  • Explain where security tools can be integrated
  • Pipeline visualization
Outcomes:
  • Know CI/CD stages and security injection points
Tools:
  • GitHub Actions

Module 8: Secure CI with SonarQube/Snyk

Topic: CI with Security Scans:
  • Integrate SonarQube or Snyk in a pipeline
  • Trigger automatic scans on pull request
  • See scan reports and logs
Outcomes:
  • Hands-on security in CI pipelines
Tools:
  • SonarQube
  • Snyk

Price

$150

Duration

30hrs

Modules

8
